09-19-2018 02:38 PM - last edited on 07-10-2019 07:49 PM by Retired Member
My company has not transitioned to GPCS yet and currently still uses Cisco AnyConnect. We have 10K+ remote users and 5weeks ago about 100+ users started getting random disconnects and they are all Comcast users with XB3 type modem. I wanted to ask the forum if anyone has seen this type of issue with GPCS as well ? I understand that there is a lot to the configuration, but just wanted to see if anyone can relate to this comcast issue using GPCS.
Appreciate any feedback!
NOTE: GlobalProtect Cloud Service has changed to Prisma Access.
09-20-2018 07:45 AM
It could just be ISP related. I know we were affected by the Comcast outage and it didnt matter which client the users had. Also make sure the firmware on those routers are up to date. Obivously it would probably be a good to test it out on a small group of users and see what they experience.
Just some thoughts.
09-20-2018 01:00 PM
Have you confirmed it works on Comcast with a different modem? I have seen issues with GlobalProtect working successfully through a couple specific modems used in Europe ISP markets. As soon as the user replaced the modem all was well. Prior to that connections were unsuccessful frequently or GP selected the wrong regional GP Gateway. AnyConnect to our Cisco ASA didn't seem to have any issues but I hadn't confirmed it was using IPSec vs SSL as the transport.
If you are using AnyConnect with xauth to a Palo Alto it would require IPSec but you could help exclude it being an ASA issue. Is it an IPSec or SSL AnyConnect connection dropping??
You might want to just setup a gateway for that user on GlobalProtect with IPSec disabled so it uses an SSL tunnel to see if that works more reliably for them until the ISP/modem issue is resolved (if ever).
I have offices on Comcast and have frequent drops but they are a Cisco router to PAN VPN gateway. We don't seem to have issues with PA to PA VPN's but have none of those on domestic cable modem based ISPs.
09-20-2018 07:10 PM
We know VPN connection is stable with XB6 modem. Someone on theComcast forum suggested to turn off DTLS on Cisco ASA, but I have not tried it yet.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!